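/*
 * Copyright (c) 2011 Kungliga Tekniska Högskolan
 * (Royal Institute of Technology, Stockholm, Sweden).
 * All rights reserved.
 *
 * Portions Copyright (c) 2011 Apple Inc. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * 3. Neither the name of KTH nor the names of its contributors may be
 *    used to endorse or promote products derived from this software without
 *    specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
 * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
 * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

#import <CoreFoundation/CoreFoundation.h>
#import <dispatch/dispatch.h>
#import <Availability.h>

/*
 * GSSItem: create, modify, delete and search GSS credential items, and
 * run operations (acquire, renew, change password, ...) on them.
 *
 * Every kGSSAttr* constant below is an attribute key or value used in the
 * CFDictionaryRef arguments of the GSSItem functions. Where the expected
 * CoreFoundation type of a value is known it is given in the trailing
 * comment on the declaration.
 */

/*
 * Credential class of the item. The value is one of the kGSSAttrClassNNN
 * constants below; the classes are strings.
 */
extern const CFTypeRef kGSSAttrClass
    __OSX_AVAILABLE_STARTING(__MAC_10_8, __IPHONE_6_0);

extern const CFStringRef kGSSAttrClassKerberos
    __OSX_AVAILABLE_STARTING(__MAC_10_8, __IPHONE_6_0);
extern const CFStringRef kGSSAttrClassNTLM
    __OSX_AVAILABLE_STARTING(__MAC_10_8, __IPHONE_6_0);
extern const CFStringRef kGSSAttrClassIAKerb
    __OSX_AVAILABLE_STARTING(__MAC_10_8, __IPHONE_6_0);

/*
 * Item supports acquiring a gss_cred_id_t with GSSItemOperation
 */
extern const CFTypeRef kGSSAttrSupportGSSCredential
    __OSX_AVAILABLE_STARTING(__MAC_10_8, __IPHONE_6_0);

/*
 * kGSSAttrNameTypeGSSExportedName, kGSSAttrNameTypeGSSUsername and
 * kGSSAttrNameTypeGSSHostBasedService can be set and will be returned.
 *
 * kGSSAttrNameDisplay can only be returned; it is constructed from the
 * other name types after creation.
 */
extern const CFTypeRef kGSSAttrNameType
    __OSX_AVAILABLE_STARTING(__MAC_10_8, __IPHONE_6_0);
extern const CFTypeRef kGSSAttrNameTypeGSSExportedName /* CFDataRef */
    __OSX_AVAILABLE_STARTING(__MAC_10_8, __IPHONE_6_0);
extern const CFTypeRef kGSSAttrNameTypeGSSUsername /* CFStringRef */
    __OSX_AVAILABLE_STARTING(__MAC_10_8, __IPHONE_6_0);
extern const CFTypeRef kGSSAttrNameTypeGSSHostBasedService /* CFStringRef */
    __OSX_AVAILABLE_STARTING(__MAC_10_8, __IPHONE_6_0);

extern const CFTypeRef kGSSAttrName
    __OSX_AVAILABLE_STARTING(__MAC_10_8, __IPHONE_6_0);

/* name suitable to display to the user */
extern const CFTypeRef kGSSAttrNameDisplay /* CFStringRef */
    __OSX_AVAILABLE_STARTING(__MAC_10_8, __IPHONE_6_0);

/*
 * Unique UUID for this entry
 */
extern const CFTypeRef kGSSAttrUUID /* CFUUIDRef */
    __OSX_AVAILABLE_STARTING(__MAC_10_8, __IPHONE_6_0);


/*
 * If the item is a transient credential it can have an associated
 * expiration time.
 */
extern const CFTypeRef kGSSAttrTransientExpire /* CFDateRef */
    __OSX_AVAILABLE_STARTING(__MAC_10_8, __IPHONE_6_0);
extern const CFTypeRef kGSSAttrTransientDefaultInClass /* CFBooleanRef */
    __OSX_AVAILABLE_STARTING(__MAC_10_8, __IPHONE_6_0);

/*
 * Credential to use when acquiring with
 * GSSItemOperation(kGSSOperationAcquire) or when dealing with a
 * persistent credential.
 *
 * The credential is not exportable and will always show up as the
 * CF object kGSSAttrCredentialExists when queried, so a caller that
 * reads an item back learns that a credential is present, never its
 * value.
 *
 * NOTE(review): kGSSAttrCredentialPassword is passed as a CFStringRef,
 * so the caller's copy of the secret stays in process memory until the
 * string and every dictionary holding it are released. Keep that
 * lifetime short and keep the attribute dictionary out of logs and
 * crash reports.
 *
 * NOTE(review): kGSSAttrCredentialStore presumably asks for the
 * credential to be stored with the item - confirm against the
 * implementation.
 */

extern const CFTypeRef kGSSAttrCredentialPassword /* CFStringRef */
    __OSX_AVAILABLE_STARTING(__MAC_10_8, __IPHONE_6_0);
extern const CFTypeRef kGSSAttrCredentialStore /* CFBooleanRef */
    __OSX_AVAILABLE_STARTING(__MAC_10_8, __IPHONE_6_0);
extern const CFTypeRef kGSSAttrCredentialSecIdentity /* SecIdentityRef */
    __OSX_AVAILABLE_STARTING(__MAC_10_8, __IPHONE_6_0);
extern const CFTypeRef kGSSAttrCredentialExists
    __OSX_AVAILABLE_STARTING(__MAC_10_8, __IPHONE_6_0);

/*
 * Status of a credential.
 *
 * The spelling "Persistant" is part of the exported symbol name and is
 * kept as is.
 */

extern const CFTypeRef kGSSAttrStatusPersistant
    __OSX_AVAILABLE_STARTING(__MAC_10_8, __IPHONE_6_0);
extern const CFTypeRef kGSSAttrStatusAutoAcquire
    __OSX_AVAILABLE_STARTING(__MAC_10_8, __IPHONE_6_0);
extern const CFTypeRef kGSSAttrStatusAutoAcquireStatus
    __OSX_AVAILABLE_STARTING(__MAC_10_8, __IPHONE_6_0);
extern const CFTypeRef kGSSAttrStatusTransient
    __OSX_AVAILABLE_STARTING(__MAC_10_8, __IPHONE_6_0);

/*
 * Create/Modify/Delete/Search GSS items
 *
 * Credentials need a type and a name.
 *
 * Every function below takes a CFErrorRef out-parameter.
 * NOTE(review): whether NULL may be passed for it, and whether the
 * caller must release a returned error, is not visible in this header -
 * confirm against the implementation.
 */

typedef struct GSSItem *GSSItemRef;

/*
 * Creates an item from the given attributes. The result is annotated
 * cf_returns_retained: the caller owns it and must CFRelease() it.
 * NOTE(review): presumably returns NULL on failure - confirm.
 */
GSSItemRef
GSSItemAdd(CFDictionaryRef attributes, CFErrorRef *error)
    __attribute__((cf_returns_retained))
    __OSX_AVAILABLE_STARTING(__MAC_10_8, __IPHONE_6_0);

/* Applies attributesToUpdate to the item(s) selected by query. */
Boolean
GSSItemUpdate(CFDictionaryRef query, CFDictionaryRef attributesToUpdate, CFErrorRef *error)
    __OSX_AVAILABLE_STARTING(__MAC_10_8, __IPHONE_6_0);

/* Deletes the item(s) selected by query. */
Boolean
GSSItemDelete(CFDictionaryRef query, CFErrorRef *error)
    __OSX_AVAILABLE_STARTING(__MAC_10_8, __IPHONE_6_0);

/* Deletes the given item. */
Boolean
GSSItemDeleteItem(GSSItemRef item, CFErrorRef *error)
    __OSX_AVAILABLE_STARTING(__MAC_10_8, __IPHONE_6_0);

/**
 * Will never return a zero-length array: GSSItemCopyMatching() returns
 * either an array with at least one entry or a NULL pointer. Callers
 * must therefore test the result for NULL, not for an empty array.
 *
 * NOTE(review): the name follows the CoreFoundation "Copy" rule, which
 * would make the caller the owner of the returned array, but unlike
 * GSSItemAdd() the declaration carries no cf_returns_retained
 * annotation - confirm ownership against the implementation.
 */

CFArrayRef
GSSItemCopyMatching(CFDictionaryRef query, CFErrorRef *error)
    __OSX_AVAILABLE_STARTING(__MAC_10_8, __IPHONE_6_0);



/*
 * Use a GSSItem to convert to either another type or to perform an
 * operation with the credential.
 *
 * Each operation is an opaque constant struct; the kGSSOperationNNN
 * macros take its address to form the GSSOperation value passed to
 * GSSItemOperation(). The trailing comment on a declaration appears to
 * list the (result, error) pair handed to the callback block -
 * TODO confirm.
 */

typedef struct __GSSOperationType const * GSSOperation;

extern const struct __GSSOperationType __kGSSOperationAcquire /* NULL, NULL|error */
    __OSX_AVAILABLE_STARTING(__MAC_10_8, __IPHONE_6_0);
#define kGSSOperationAcquire (&__kGSSOperationAcquire)

extern const struct __GSSOperationType __kGSSOperationRenewCredential
    __OSX_AVAILABLE_STARTING(__MAC_10_8, __IPHONE_6_0);
#define kGSSOperationRenewCredential (&__kGSSOperationRenewCredential)

extern const struct __GSSOperationType __kGSSOperationGetGSSCredential /* gss_cred_id_t, NULL|error */
    __OSX_AVAILABLE_STARTING(__MAC_10_8, __IPHONE_6_0);
#define kGSSOperationGetGSSCredential (&__kGSSOperationGetGSSCredential)

/*
 * "Destory" is the original, misspelled symbol (10.8 / iOS 6);
 * "Destroy" is the corrected one (10.9 / iOS 7). Both macro spellings
 * below resolve to the corrected symbol, so code written against either
 * macro name references a symbol declared available only from
 * 10.9 / iOS 7.
 * NOTE(review): a build that still deploys to 10.8 / iOS 6 would need
 * the misspelled symbol - confirm this aliasing is intended.
 */
extern const struct __GSSOperationType __kGSSOperationDestoryTransient /* kCFBoolean{True,False}, NULL|error */
    __OSX_AVAILABLE_STARTING(__MAC_10_8, __IPHONE_6_0);
extern const struct __GSSOperationType __kGSSOperationDestroyTransient /* kCFBoolean{True,False}, NULL|error */
    __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0);
#define kGSSOperationDestoryTransient (&__kGSSOperationDestroyTransient)
#define kGSSOperationDestroyTransient (&__kGSSOperationDestroyTransient)

extern const struct __GSSOperationType __kGSSOperationRemoveBackingCredential /* kCFBoolean{True,False}, NULL|error */
    __OSX_AVAILABLE_STARTING(__MAC_10_8, __IPHONE_6_0);
#define kGSSOperationRemoveBackingCredential (&__kGSSOperationRemoveBackingCredential)

extern const struct __GSSOperationType __kGSSOperationChangePassword
    __OSX_AVAILABLE_STARTING(__MAC_10_8, __IPHONE_6_0);
#define kGSSOperationChangePassword (&__kGSSOperationChangePassword)

/*
 * NOTE(review): presumably the keys under which the old and the new
 * password are passed in the options dictionary of
 * GSSItemOperation(kGSSOperationChangePassword) - confirm. Both values
 * are secrets; the same care applies as for kGSSAttrCredentialPassword.
 */
extern const CFTypeRef kGSSOperationChangePasswordOldPassword
    __OSX_AVAILABLE_STARTING(__MAC_10_8, __IPHONE_6_0);
extern const CFTypeRef kGSSOperationChangePasswordNewPassword
    __OSX_AVAILABLE_STARTING(__MAC_10_8, __IPHONE_6_0);

extern const struct __GSSOperationType __kGSSOperationCredentialDiagnostics
    __OSX_AVAILABLE_STARTING(__MAC_10_8, __IPHONE_6_0);
#define kGSSOperationCredentialDiagnostics (&__kGSSOperationCredentialDiagnostics)

extern const struct __GSSOperationType __kGSSOperationSetDefault
    __OSX_AVAILABLE_STARTING(__MAC_10_8, __IPHONE_6_0);
#define kGSSOperationSetDefault (&__kGSSOperationSetDefault)

/*
 * Completion block for GSSItemOperation(): receives the operation's
 * result and an error.
 * NOTE(review): ownership of result and error inside the block is not
 * stated in this header; retain anything that must outlive the block
 * until that is confirmed.
 */
typedef void (^GSSItemOperationCallbackBlock)(CFTypeRef result, CFErrorRef error);

/*
 * Runs operation op on item with the given options and reports the
 * outcome through fun.
 * NOTE(review): presumably fun is invoked on queue q, and the Boolean
 * result says whether the operation could be started rather than
 * whether it succeeded - confirm both against the implementation.
 */
Boolean
GSSItemOperation(GSSItemRef item, GSSOperation op, CFDictionaryRef options,
                 dispatch_queue_t q, GSSItemOperationCallbackBlock fun)
    __OSX_AVAILABLE_STARTING(__MAC_10_8, __IPHONE_6_0);

/*
 * Returns the value stored on item for the attribute key.
 * NOTE(review): the name follows the CoreFoundation "Get" rule, so the
 * caller presumably does not own the result and must CFRetain() it to
 * keep it beyond the item's lifetime - confirm.
 */
CFTypeRef
GSSItemGetValue(GSSItemRef item, CFStringRef key)
    __OSX_AVAILABLE_STARTING(__MAC_10_8, __IPHONE_6_0);

/*
 * NOTE(review): presumably the CFTypeID of the GSSItem type, usable to
 * check a CFTypeRef before treating it as a GSSItemRef - confirm.
 */
CFTypeID
GSSItemGetTypeID(void)
    __OSX_AVAILABLE_STARTING(__MAC_10_8, __IPHONE_6_0);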